The Hacker News — Cyber Security, Hacking, Technology News

U.S. National Security Agency (NSA) is infamous for conducting Global Mass Surveillance to snoop secretly on users' online communications, phone calls, private instant messages, and personal emails, but there is something shocking about it.

The Security Agency also asked its employees to watch Porn -- Yes! Porn and a lot of Porn.

The Analysts and Terrorism experts employed by U.S. Intelligence Agencies including the NSA and the CIA (Central Intelligence Agency) are tasked to watch graphic videos all day long.

According to the recent report by Daily Beast, the Graphic video contents containing ISIS prisoner beheading, attacks on U.S. military forces, and sometimes sexual abuse of children are gathered from the computers and smartphones of captured or killed terrorists, and from websites frequented visited by jihadists.

WHY NSA IS WATCHING PORN?

Islamic State (Isis) and Al-Qaeda terrorists are using Reddit, eBay and pornography to send coded messages to their followers.

Israeli Intelligence Agency noticed that Terrorists are using steganography technique to hide secret messages or content within an image or video file in order to keep their plans hidden from law enforcement and Intelligence agencies.

However, the cyber security experts and data forensic teams sitting at NSA and CIA examine these graphical images and porn videos in an effort to gain clues that could help them track down the perpetrators, rescue hostages, or stop terrorist attacks on countries.

"It’s mostly porn," a former intelligence officer, who worked on counterterrorism operations, told The Daily Beast. "In another context, a dedicated 'porn room' might be the greatest office park imaginable. But watching hours of the stuff becomes monotonous."

Checking every image and watching every second of the graphic video for a whole day long actually becomes difficult for some analysts, as the work can take an "extraordinary toll" on their emotional state of mind. And to cope up with this issue, the Intelligence agencies have employed specialist psychologists and therapists.

Also last year, an operation dubbed "Optic Nerve" showed the ugly face of the Intelligence agencies that allegedly captured and stored nude images and other sensitive data from webcam chats of nearly 1.8 Millions of unsuspecting Yahoo users, which was the great assault on users’ privacy.

At the agencies, watching porn videos and other graphical material to figure out the content behind it is a part of job for the analysts.

Obviously, the graphical content may or may not contain the clues about terrorists, but they have to watch all of them, and this is what they are getting paid for.

No doubt, the analysts sometimes feel oppressed and become angry, but the agency claims that it "deeply values the health and wellness of our [NSA & CIA] employees and provides a range of comprehensive services to address their needs."

"The NSA has long offered psychological consultation and intervention services to support our employees' important work against today's increasingly complex global threats," NSA spokesperson Vanee Vines said in a statement.

TERRORISTS STARTED ADOPTING STRONG ENCRYPTION

However, keeping in mind the out datedness of Steganography technology, I do not think that terrorists are still using the technology to communicate, when they have so many end-to-end encrypted messaging apps readily available out there.

So, it is hard to believe that after the revelation of NSA’s mass surveillance programs by the agency’s cyber security specialist Snowden, terrorists communicate via an outdated technology.

JOHN OLIVER INTERVIEW WITH SNOWDEN:- ABOUT "DICK-PIC"

On Sunday's edition of Last Week Tonight, John Oliver interviewed NSA whistleblower Edward Snowden in Moscow.

The conversation went half serious, half humorous when Snowden was asked, "Can the government secretly access Americans' naked selfies?"

Snowden said, Yes!

Oliver showed Snowden that when the New Yorkers were asked about Snowden and his work, they barely had an answer, which means most of the people in U.S. are actually not aware of NSA’s surveillance program.

But, when the interviewer asked the New Yorkers about the government spying on their "Dick Pics," they were far more concerned. However, Snowden says, "The good news is there's no program named the Dick-Pic Program."

Many times organizations, companies and groups of people come across the problem when their social media teams have to work within a single Twitter account or maintain multiple twitter accounts. In this case, either they need to use some third party API-based services or they use TweetDeck software, the official free alternative tool to manage multiple twitter accounts.

But the major problem with TweetDeck service is that everyone in the team need to have access to the same TweetDeck account password or multiple Twitter account passwords in order to use multiple accounts at one interface, and this is a known password sharing security issue from past few years.

To cope up with these issues, Twitter has started rolling out a new feature called TweetDeck Teams, a new way to let you share your Twitter accounts on TweetDeck to multiple users without sharing passwords.

ROLE OF ADMINISTRATORS

TweetDeck Teams, which is rolling out to TweetDeck for the web, TweetDeck for Chrome and TweetDeck for Windows on Tuesday, allows companies or organizations to appoint administrators who can give access to as many "contributors" as the admin likes and, at the same time, to revoke that access as necessary.

The admins have ability to sign into TweetDeck with his/her personal accounts and send tweets, schedule tweets and add or remove team members. They cannot, however, access an account from outside TweetDeck or change accounts, credentials or passwords.

ROLE OF CONTRIBUTORS

On the other hand, contributors only have the ability to tweet from the account, build lists, follow and unfollow accounts, and send and schedule tweets. But, they cannot view, add or remove team members, access the account outside of TweetDeck, or change credentials.

"Remember, once you've transitioned over to TweetDeck Teams, you should continue to use login verification on your accounts, and encourage your team members to as well," Amy Zima, Product Manager of the company wrote on the blog post. "Instead of relying on just a password, login verification introduces a second check to make sure that you and only you can access your Twitter account."

HOW TO ACTIVATE TWEETDECK TEAMS ?

To set up your team, here’s how to activate the new TweetDeck Teams feature:

Log into TweetDeck using the account’s Twitter credentials.

Select Accounts from the navigation bar. Select Team (@yourbrandhandle).

Type the name of the account or accounts you want to have access to @yourbrandhandle.

Select Authorize and an email will be sent to the account holder. When he or she accepts the invitation the team account holder will receive an email that that account has been added to the team.

VIDEO DEMONSTRATION

You can also check the video below for a closer look at how TweetDeck Teams works.

This is how the TweetDeck is finally challenging the Twitter third party services such as HootSuite, Buffer or SocialFlow.

Password sharing is one of the major and top security concern for everybody online and this new feature will solve this issue to some extent. Sharing a password with your co-workers is a major security concern. Like in case of NSA leaks, when Edward Snowden was able to gain access to many unauthorized sites because fellow employees shared their passwords with him.

President Barack Obama signed an executive order on Friday that encourages and promotes sharing of information on cybersecurity threats within the private sector and between the private sector companies and the government agencies as well.

AREAS TO IMPROVE

During his speech at the White House Cybersecurity Summit at Stanford University in California, where many tech leaders and other government officials also assembled, the President highlighted events affecting cybersecurity and the development of the Internet.

The four areas that Obama believes must be improved are listed below:

Development and evolution of the Internet

Cybersecurity

Rights of individuals in regards to the Internet

Cooperation between the Government and private companies

EVERYONE IS VULNERABLE - OBAMA

"The cyber world is sort of the Wild Wild West and to some degree we are asked to be the sheriff," Mr. President told a crowd at the Memorial Auditorium. "When something like Sony happens, people want to know what government can do about it. The technology so often outstrips whatever rules and structures and standards have been put in place."

"Everybody’s online and everybody’s vulnerable," Obama stressed.

White House believes that the primary means of online security shouldn’t depend on passwords, and we must have some new technologies that combine greater security and convenience to the online users. In order to ensures a user’s security online, the technology must move beyond usernames and passwords.

EXECUTIVE ORDER

The Obama ‘Executive order’ is meant to establish a framework in efforts to help businesses and government organizations "prioritize and optimize" their spending, and quickly identify and protect themselves against cyberthreats, carried out by both hackers and foreign nations. The framework will also polish communication across companies and organizations to better manage cyber risks.

"There's only one way to defend America from these cyberthreats, and that is with government and [private] industry working together, sharing appropriate information."

The major companies including Apple, Intel, Bank of America and Pacific Gas & Electric (PG&E) have already committed themselves to the government's new cyberthreat framework.

The executive order added the Department of Homeland Security to the list of government organizations that would be able to approve the sharing of classified information and ensure that proper information is shared between the entities.

CYBERSECURITY FRAMEWORK

Since 2013, the Obama’s administration has been actively working on this issue, when the president signed a previous executive order on Critical Infrastructure Cybersecurity. That, in turn, resulted in the development of the "Cybersecurity Framework."

Obama acknowledged the challenge to protect American citizens from cyber threats, but at the same time protect their right to privacy. He mentioned companies such as Symantec, Intel and Bank of America are going to use the government’s improved Cybersecurity Framework to strengthen their own defenses.

Facebook CEO Mark Zuckerberg, Yahoo CEO Marissa Mayer and Google's Larry Page and Eric Schmidt were all invited to the Stanford event, but won't attend, according to the companies. Apple CEO Tim Cook is making an appearance, talking about people's rights to privacy and security.

ONCE AGAIN ONLINE PRIVACY IS IN QUESTION

Of course, the news is not great for everybody because this new executive order will reduce legal liability for companies that share too much information of its users.

Also, no one can guarantee whether the private sector will be willing to offer this information, as many companies are still reeling from Edward Snowden’s revelations about how the government agencies are using users information to spy on their customers in the US and abroad.

A copy of the executive order has yet to be published on the White House website.

The NSA and GCHQ have tracked and monitored the activities of independent and nation-state hackers, along with some of the foremost security researchers in order to gather information on targets and pilfer the stolen data from hackers' archives, top secret Snowden documents reveal.

State-sponsored, individual Blackhat hackers and hacking groups target some or other organizations on an ongoing basis. So, by monitoring the work of 'freelance' and rival state hackers, the NSA and its allies get the stolen information, such as email accounts or chats owned by target of their interest, without doing much of hard work.

HACKERS STOLE FROM TARGETS & AGENCIES STOLE FROM HACKERS

According to the latest revealed documents provided by whistleblower Edward Snowden, the hacks and sophisticated breaches on the targets were carried out by the state-sponsored and freelance hackers, but the stolen data, referred to as 'take', was then pilfered by the agencies for their own interest, "without notifying the hacking victims of these breaches."

The hackers' sophisticated email-stealing infrastructure was referred to as INTOLERANT and both Canada and the United Kingdom had hands in hacker pockets.

"Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers," reads one of the documents quoted by the Intercept. "The hackers' sophisticated email-stealing intrusion set is known as INTOLERANT."

INTOLERANT PROGRAM

"Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect."

The state-sponsored hackers also targeted a large number of human rights organizations, diplomatic corporations, democracy activists and even journalists. Though, the data collected under the NSA's INTOLERANT project was well organized.

The agencies labeled all kind of stolen data to identify and categorize victims. The categorization in done as following:

A = Indian Diplomatic & Indian Navy

B = Central Asian diplomatic

C = Chinese Human Rights Defenders

D = Tibetan Pro-Democracy Personalities

E = Uighur Activists

F = European Special Rep to Afghanistan and Indian photo-journalism

G = Tibetan Government in Exile

LOVELY HORSE PROGRAM

In a separate document, it was revealed that the NSA had also run an open source intelligence gathering service known as Lovely Horse, a program created by GCHQ to monitor and index public discussion on Twitter and other social media by hackers and security experts including Mark Dowd, Tavis Ormandy and HD Moore.

"Analysts are potentially missing out on valuable open source information relating to cyber defence because of an inability to easily keep up to date with specific blogs and Twitter sources," one document states.

NSA AND GCHQ FOLLOW ‘THE HACKER NEWS’

Around 60 blogs and 36 other Twitter accounts, all listed by the Intercept, could be flattered by the agency's interest, the document states.

The list also include our website's THE HACKER NEWS official twitter handle (@TheHackersNews), which means that NSA and GCHQ have their eyes on every upcoming hacking news and incidents. The agencies were analyzing and collecting intelligence by monitoring our online activities. We feel proud that GCHQ and NSA found The Hacker News updates worth to follow. Stay Tuned.

A number of western companies are doing big business in China, but now they may have to pay a huge value for to do so.

China has introduced strict new banking cyber security regulations on western companies selling technology to Chinese banks. The Chinese government wants backdoors installed in all technologies that imports into the Middle Kingdom for the benefit of Chinese security services.

The latest rules also state that western companies must hand over the Encryption Keys and secret source code as well. The requirements are so absurd that it would be impossible for companies like Apple to comply, which could harm American businesses.

"The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China," The New York Times reports.

The new requirements, detailed in a 22-page long document approved late last year, are in response to Edward Snowden’s revelations about the United States National Security Agency’s surveillance activities on Chinese networks.

In May 2014, Chinese government announced that it will roll out a new set of regulations for IT hardware and software being sold to key industries in their country. China have repeatedly blamed U.S. products and criticize that U.S. products are itself threat to national security, as they may also contain NSA backdoors, among other things.

The US Chamber of Commerce and other groups called these new rules by Chinese official "intrusive". They has also called Chinese government for talks on the issue.

U.S. businesses fear that the latest regulations by China will effectively shove them out of the world's largest and fastest-growing market. Recently, it was announced that Apple became the biggest smartphone seller in China in the final quarter of last year. The scale of effect could be calculated from this.

Last week, it was revealed that Tim Cook had agreed to "security audits" of its products sold in the country, but Apple has always insisted that it will never allow backdoor access to its products nor compromise the encryption used by its products and services, "and we never will."

However, many firms may not find this demand to meet, due to intellectual property and security concerns. So just wait and watch how other companies respond to this fresh regulations of China demands backdoor access.

​Researchers have uncovered a new evidence that a powerful computer program discovered last year, called "Regin", is "identical in functionality" to a piece of malware used by the National Security Agency (NSA) and its Five Eyes allies.

REGIN MALWARE

"Regin" is a highly advanced, sophisticated piece of malware the researchers believe was developed by nation state to spy on a wide-range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008.

Regin was first discovered in November 2014 by the researchers at antivirus software maker Symantec and was said to be more sophisticated than both Stuxnet and Duqu.

The malware alleged to have been used against targets in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia and Syria, among others.

The recent evidence comes from the journalists at Der Spiegel who published the source code for a malicious program code-named 'QWERTY' – "a piece of software designed to surreptitiously intercept all keyboard keys pressed by the victim and record them for later inspection."

QWERTY KEYLOGGER MALWARE

The malicious program was revealed earlier this month when Der Spiegel magazine published a detailed article on the US National Security Agency's cyber espionage operations based on documents obtained from the former NSA contractor Edward Snowden.

The QWERTY program is included in the malware products used by the NSA and other intelligence agencies worldwide that are part of the Five Eyes Alliance (US, Australia, Canada, New Zealand and the United Kingdom) in order to eavesdrop and conduct destructive cyber operations on targets.

QWERTY = REGIN

After examining QWERTY’s code, the security analysts at Kaspersky Labs concluded that the keylogger’s source code can be linked to 'Regin,' and that the malware developers of QWERTY and Regin are either the same, or work closely together.

Moreover, the researchers also found that both QWERTY and the 50251 plug-in depend on a different module of the Regin platform identified as 50225 which relies on kernel hooking functions. This strongly proves that QWERTY can only operate as part of the Regin platform.

"Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its sourcecodes, we conclude the QWERTY malware developers and the Regin developers are the same or working together," Costin Raiu and Igor Soumenkov, researchers at Kaspersky’s Securelist blog, said on Tuesday.

Der Spiegel reported that QWERTY is likely a plug-in of a unified malware framework codenamed WARRIORPRIDE that is been used by all Five Eye partners. Also, it is several years old and has likely already been replaced.

However, the link between QWERTY and Regin suggests that the cyber espionage malware platform, security researchers call Regin, is none other than WARRIORPRIDE.

Regin tool has also been linked to hacks which targeted the International Atomic Energy Agency based in Austria and the 2011 attack on European Commission computers, Spiegel said.

Chinese spies stole "many terabytes of data" about the design of Australia’s Lockheed Martin F-35 Lightning II JSF, according to top secret documents disclosed by former US National Security Agency intelligence contractor Edward Snowden to German magazine Der Spiegel.

Chinese spies allegedly stole as much as 50 terabytes of data, including the details of the fighter’s radar systems, engine schematics, "aft deck heating contour maps," designs to cool exhaust gases and the method the jet uses to track targets.

So far, the F-35 Lightning II JSF is the most expensive defence project in the US history. The fighter aircraft, manufactured by US-based Lockheed Martin, was developed at a cost of around $400 billion (£230 billion).

Beijing likely used the stolen information from American intelligence through espionage to help develop its latest "fifth-generation" fighters, military experts told the Morning Herald.

The Chengdu J-20 and China’s most advanced fighter jet, the Shenyang J-31 Falcon Hawk, have been extensively influenced by design information stolen from the US. The Falcon Hawk has roughly the same appearance as the F-35.

The disclosed documents reportedly confirm that the Australian government was informed of the cyber-espionage and aware of the "serious damage" caused due to the breach relating to development of the F-35 JSF.

The main data breach was believed to have taken place at the prime contractor, Lockheed Martin, in 2007, before orders for the F-35 Lightning II placed by Australia and Japan. However, in June 2013, Defense Department acquisitions chief Frank Kendall told the US Senate that he was "reasonably confident" that F-35 data was now better protected.

The Snowden documents also revealed the NSA spying operation on China’s espionage agencies. According to the documents, the NSA hacked into the computer of a senior Chinese military official and stole information about Chinese intelligence targets in the US government and other foreign governments.

Among the sensitive military technologies and data stolen included in the breach was information relating to the B-2 stealth bomber; the F-22 Raptor stealth fighter; nuclear submarine and naval air-defence missile designs; and tens of thousands of military personnel records.

Sometimes we wonder that how the National Security Agency (NSA) reached such a wide range of its Surveillance operation across the world – which you can measure from several secret documents released by the former NSA contractor Edward Snowden.

This hell parameter of the NSA’s operation was not reached by its agents sitting in the NSA headquarter in United States, but by its undercover agents working in foreign companies based in China, Germany, and South Korea to infiltrate and compromise foreign networks and devices, according to documents obtained by The Intercept.

NSA INTERCEPTING FOREIGN NETWORKS AND DATA CENTRES

The latest document from the Snowden’s desk talks about a program called “physical subversion,” under which the NSA’s undercover operatives were infiltrating foreign networks to acquire sensitive data and access to systems in the global communications industry and possibly even some American firms.

The document describes the details regarding various field activities involving computer network attacks – information which is held among the NSA’s so-called “core secrets” in a system code-named Sentry Eagle. The document is dated 2004, although there's no reason to believe that the NSA has changed its behavior since then.

Previous documents largely focused on U.S. companies providing the agency with vast amounts of customer data, including phone records and email traffic and also revealed the NSA’s operations to hack into other systems or to work with private corporations in an effort to weaken their own encryption systems, but the latest report suggests the agency could be embedding operatives into foreign, as well as domestic, “commercial entities.” But, it’s unclear whether these “commercial entities” are American or foreign or both.

REVELATION OF VARIOUS PROGRAMS

According to the latest document, NSA describes six different programs under its “core secrets,” all of which are categorized under the “Sentry Eagle” and some of which were ongoing as of year 2012. The programs are composed of the following:

Sentry Hawk - involves cooperation between the NSA as well as foreign and domestic companies in order to exploit computer networks.

Sentry Falcon - includes the defense of computer networks.

Sentry Osprey - involves the NSA cooperating with the CIA, FBI and Pentagon to hire human agents that can help give the agency access to networks.

Sentry Raven - describes the NSA’s negotiations with American companies to weaken their encryption in order to give the agency easier access.

Sentry Owl - involves the NSA working with foreign companies to make their products susceptible to NSA data gathering.

The document clearly states that any disclosure of the “secrets” can cause “exceptionally grave damage to US national security” and should not be done without an authorization from a senior intelligence official.

One of the important programs in Sentry Eagle under the codename Sentry Osprey is “HUMINT,” a human intelligence asset that has the ability to conduct Signals intelligence operations (SIGINT), which involve the interception of communications and electronic signals. Both foreign as well as domestic companies could be targeted.

This program is labeled as TAREX which, according to a 2012 classification guide, “conducts worldwide clandestine Signals Intelligence (SIGINT) close-access operations and overt and clandestine Human Intelligence (HUMINT) operations.” The program reportedly has a presence in South Korea, Germany, and China, with a domestic presence in Georgia, Hawaii, and Texas.

NSA REFUSED TO COMMENT

For its part, the NSA declined to clarify details to The Intercept. It released a statement saying, “It should come as no surprise that NSA conducts targeted operations to counter increasingly agile adversaries.” At the same time, the agency said it “takes into account the globalization of trade, investment and information flows, and the commitment to an open, interoperable, and secure global Internet.”

When approached the NSA, it refused to clarify details about the disclosed documents to The Intercept, releasing a statement stating, “It should come as no surprise that NSA conducts targeted operations to counter increasingly agile adversaries.” At the same time, the agency said it “takes into account the globalization of trade, investment and information flows, and the commitment to an open, interoperable, and secure global Internet.”

Users might have praised the technology companies for efforts to encrypt their latest devices that would prevent law enforcement agencies’ hands on users’ private data, but the FBI is not at all happy with Apple and Google right now.

The Federal Bureau of Investigation director, James Comey, said Thursday he was "very concerned" over Apple and Google using stronger or full encryption in their Smartphones and Tablets that makes it impossible for law enforcement to collar criminals.

According to Comey, the Silicon Valley tech giants are "marketing something expressly to allow people to place themselves above the law."

"There will come a day – well it comes every day in this business – when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper's or a terrorist or a criminal's device," Comey told reporters.

"I just want to make sure we have a good conversation in this country before that day comes. I'd hate to have people look at me and say, 'Well how come you can't save this kid,' 'How come you can't do this thing.'"

The move is in the response to the revelations of mass surveillance conducted by the US National Security Agency (NSA), revealed by former contractor Edward Snowden, that triggered a large-scale movement worldwide towards deploying encryption across all the Digital Services.

The FBI remarks come following both privacy changes introduced by Apple as well as Google. Just last week, Google announced it would be providing data encryption by default with its next version of Android i.e. Android L.

While Apple with the release of iOS 8 earlier this month, allowed iPhone and iPad users to encrypt most personal data with a password. Also last week, the company introduced enhanced encryption for iOS 8 devices under which it will no longer store the encryption keys for devices in iOS 8, making it impossible for the company to decrypt a locked device, even on law enforcement request.

"Unlike our competitors, Apple cannot bypass your pass code and therefore cannot access this data," Apple said in its new privacy policy, updated on Wednesday. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

Google’s announcement for by default encryption comes a day after Apple revealed that it is expanding its two-factor authentication process to include the iCloud storage system, which was recently targeted by hackers to extract over 100 nude celebrities photos.

Comey said he agreed-upon the privacy concerns in the wake of NSA leaker Edward Snowden's revelations about massive US government surveillance. But he also noted that the FBI sometimes has an urgent need to access users’ data, such as in cases of terrorism or kidnappings.

"I am a huge believer in the rule of law, but I am also a believer that no one in this country is above the law," Comey moaned. "What concerns me about this is companies marketing something expressly to allow people to place themselves above the law."

Despite criticism from the FBI, it's improbable that Apple or Google is going to step back from their efforts, because the technology companies again will not compromise with their reputation in the market where many are criticised in past to put backdoors in their products for law enforcement agencies.

The National Security Agency and its British counterpart, GCHQ, gained secret access to the German telecom companies’ internal networks, including Deutsche Telekom and Netcologne, in an effort to “map the entire Internet — any device, anywhere, all the time.”

As reported by German news publication Der Spiegel, citing the new set of leaked documents provided by former NSA contractor Edward Snowden, the five major intelligence agencies including NSA and GCHQ have been collaborating to get near-real-time visualization of the global internet as a part of NSA’s ‘Treasure Map’ surveillance program, also dubbed as "the Google Earth of the Internet."

TREASURE MAP TRACKS YOU 'ANYWHERE AND ALL THE TIME'

The data collected by the intelligence agencies doesn’t just include information from large traffic channels, such as telecommunications cables. Rather, it also include information from every single device that is connected to the internet somewhere in the world — every smartphone, tablet, and computer — "anywhere, all the time," according to NSA documents.

"[The program aims] to map the Internet, and not just the large traffic channels, such as telecommunications cables. It also seeks to identify the devices across which our data flows, so-called routers. [The program] allows for the creation of an ‘interactive map of the global Internet’ in ‘near real-time,'" the report said.

The Treasure Map program was described by Snowden as "a 300,000 foot view of the internet," as it allows agencies to collect Wi-Fi network and geolocation data from around the world, along with 30 million to 50 million unique internet provider addresses. The program was first made public by the New York Times report late last year, along with other documents by Snowden.

But at the time, the US intelligence officials apparently claimed that program was not used for surveillance purposes, but only for mapping foreign and US Defence Department networks, "limited by the amount of data available to the agency," according to the NY Times report.

FIVE EYES AGENCIES

Der Spiegel reported that the Treasure Map PowerPoint presentation highlighted the agents which carriers and internal company networks Five Eyes agencies — those in the US, Australia, the UK, Canada, and New Zealand — claim to have already accessed.

German parliamentary investigators plan to question executives of telecommunications operators about the program under which the agencies have been breaking into service providers' networks to monitor them. However, Deutsche Telekom reportedly said it had found no evidence of manipulation or external access to its networks.

DEUTSCHE TELEKOM - 'NO EVIDENCE OF SURVEILLANCE'

"We are looking into every indication of possible manipulations, but have not yet found any hint of that in our investigations so far," a Telekom spokesperson told Reuters in a statement. "We're working closely with IT specialists and have also contacted German security authorities. It would be completely unacceptable if a foreign intelligence agency were to gain access to our network."

The NSA is yet to comment on the latest round of allegations involving Treasure Map. Whereas, GCHQ said that its work "is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight" by other government agencies, Bloomberg news reported.

RELATIONS BETWEEN US AND GERMANY

Germany's NSA Inquiry Committee was established in March to investigate allegations by Global surveillance whistleblower Edward Snowden that the US government has been eavesdropping German citizens and even bugged Chancellor Angela Merkel’s personal cell phone, an issue that has strained relationships and raised trust issues between old allies, Berlin and Washington.

The relations between the two became even more worse when two months back, Germany arrested a German intelligence officer who worked as a double agent and passed information to the CIA about the parliament’s NSA investigation, which shows that the US snooping is ongoing.

Yahoo! has broke its silence and explained why it handed over its users’ data to United States federal officials, thereby promising to expose those court documents which ordered the snooping.

The US government threatened Internet giant with a $250,000 fine per day several years ago if it failed to comply with National Security Agency’s notorious PRISM Surveillance program, according to unclassified court documents released by Yahoo! on Thursday.

"The released documents underscore how we had to fight every step of the way to challenge the US Government’s surveillance efforts," the company's general counsel Ron Bell said on Yahoo's Tumblr page. "At one point, the US Government threatened the imposition of $250,000 in fines per day if we refused to comply."

The documents released by Yahoo! shed new lights on the NSA’s secret surveillance program PRISM, which was previously leaked from the agency’s confidential documents provided by Global surveillance whistleblower and former National Security Agency contractor Edward Snowden.

PRISM allowed NSA to intercept and process not just the United States telecoms companies data including Verizon which has 98.9 million customers, but also some of the most widely used and major Internet firms including Microsoft, Google, Yahoo!, Facebook and Skype. However, Officials have said the deeply contentious program ended in 2011.

The Foreign Intelligence Surveillance Court (FISA) of Review, which provides legal authority in surveillance requests, released more than 1,500 pages of previously secret documents related to Yahoo!'s 2007 challenge to the government's demand for data, according to Bell, who said that in 2007, the US government "amended a key law to demand user information from online services."

"We refused to comply with what we viewed as unconstitutional and overbroad surveillance and challenged the US government's authority," Bell said.

But, Yahoo eventually lost that initial challenge and an appeal. The released documents underscore how Yahoo and others have been seeking to make public these court documents to show they were forced to comply with government requests and made every attempts to fight the US Government’s surveillance efforts, rather than simply acquiescing to them.

"We consider this an important win for transparency and hope that these records help promote informed discussion about the relationship between privacy, due process, and intelligence gathering," Bell added.

"Users come first at Yahoo. We treat public safety with the utmost seriousness, but we are also committed to protecting users’ data. We will continue to contest requests and laws that we consider unlawful, unclear, or overbroad."

The Christopher Soghoian, Principal Technologist at ACLU, points out the $250k-a-day fine, which means $90m (£55.42m) fine a year, seems cheap for the trust of users worldwide. As Yahoo!'s net income in 2008 was $424.3m.

Some parts of released documents remain classified and the Internet giant is still pressuring the court to agree to make those documents public, as well as other documents that are still classified.

THN Deals Store this week brings you the Cybersecurity Certification Mega Bundle, which will walk you through the skills and concepts you need to master three elite cybersecurity certification exams: CISA, CISM, and CISSP [...]

Good news, we bring an amazing deal of this month for our readers, where you can get hacking courses for as little as you want to pay and if you beat the average price you will receive the fully upgraded hacking bundle!

Have you ever used Shodan search engine? A publicly available service crawls the Internet looking for connected devices and list their open ports, services running, system information etc.

Shodan search engine is majorly used by Hackers, developers, students and anyone else with a sense of curiosity to find Internet-facing vulnerable systems with open ports and insecure mechanisms for authentication and authorization i.e. Servers, Internet-Connected Cameras, Traffic Lights, And SCADA Systems.

According to latest revelation from the whistleblower Edward Snowden, British spy agency GCHQ – counterpart of NSA – apparently uses their own port scanning service to target internet-connected systems in at least 27 countries, in an attempt to potentially exploit them.

In top-secret documents published by Heise on Friday, the Port-scan is a part of the “Hacienda” program which scans for open ports on all public-facing servers to find out vulnerable applications running on them – a basic technique used by a large number of hackers and criminals.

WHY SCANNING FOR OPEN PORTS

Open ports are the doorways to the targeted server or workstation that is connected to the Internet. Port Scanning Tools like Nmap allows you to discover which network ports are open on your target host.

Behind an open port, there is an application or service that is able to receive and send data to the client. But these applications may have vulnerabilities or bugs which could be exploited by a hacker to gain access to sensitive data or execute malicious code on the machine remotely.

So, the idea behind the program is to use those vulnerabilities to secretly turn the vulnerable servers into the operational relay boxes (ORBs). As a result, when the British spy agency or one of its Five-Eyes partners wants to attack a target or steal data, they use these ORBs as an attack pathway, to hide their tracks.

"So-called Operational Relay Boxes are used to hide the location of the attacker when the Five Eyes launch exploits against targets or steal data," Heise explains.

WATCHING BY FIVE EYES

The freshly-revealed top secret GCHQ documentation dating back to 2009, note that HACIENDA program was used to fully port-scan 27 countries and partially scan five more, which was operated by “Five Eyes” Nations, including the NSA and the spy agencies of Canada, Australia and New Zealand. Targets included ports using protocols such as SSH (Secure Shell) and SNMP (Simple Network Management Protocol), which are used for remote access and network administration.

The Heise report is co-written by Snowden confidantes Jacob Appelbaum and Laura Poitras, that states:

“The process of scanning entire countries and looking for vulnerable network infrastructure to exploit is consistent with the meta-goal of 'Mastering the Internet', which is also the name of a GCHQ cable-tapping program: these spy agencies try to attack every possible system they can, presumably as it might provide access to further systems.”

“Systems may be attacked simply because they might eventually create a path towards a valuable espionage target, even without actionable information indicating this will ever be the case. Using this logic, every device is a target for colonisation, as each successfully exploited target is theoretically useful as a means to infiltrating another possible target.”

The HACIENDA database is shared with other member of Five Eyes spying club through “Mailorder” – a secure way for them to exchange collected data.

TCP STEALTH

Port scanning generally takes advantage of a basic flaw in the TCP protocol, which lets clients and servers talk to each other over the Internet by establishing client-server connections by “three-way handshake” and the problem actually resides here. This handshake leaks data associated with the ports, even if the client that’s doing the probing isn’t authorized.

The report suggests various countermeasures against all this port scanning. One of these techniques is TCP Stealth, which can help prevent Hacienda and similar tools from identifying systems. TCP Stealth works by adding a passphrase on the user’s device and on the system that needs to be protected. In case, if the passphrase is incorrect, the system simply doesn’t answer, and the service appears to be dead.

This latest revelation may not surprise or impress the Internet security experts because the kind of port scanning software, such as nmap and Zmap, are fundamental tools for hackers, developers and other curious folks, the only thing noticeable about HACIENDA program is its wide-scale.

The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 31-year-old global surveillance whistleblower and former U.S. intelligence contractor, who has received a three- year residence permit from Russia, his lawyer announced on Today.

“On the first of August he received a three-year residence permit,” lawyer Anatoly Kucherena told RT.

He had not asked for political asylum, his lawyer added.

The former NSA contractor has not apply for Russian citizenship for now, as he will be able to apply for the Russian citizenship in five years. “A foreign citizen, who got a residence permit, will certainly be able to apply for citizenship,” Kucherena said.

“He will be able to travel freely within the country and go abroad. He’ll be able to stay abroad for not longer than three months,” Kucherena said.

Snowden is responsible for handing over material from one of the world's most secretive organisations the NSA. The United States has charged him with the theft of government property and communicating classified information.

Snowden’s year-long permit to stay in Russia had already expired on 31 July.

The former CIA technician and NSA systems administrator had first flown to the Special Administrative Region of China on May 20 from Hawaii with an estimated 1.7 million NSA documents. He gave an estimated 200,000 documents to American journalists he met in Hong Kong.

Snowden arrived in Russia on June 23, 2013, on a flight from Hong Kong. According to his lawyer, Snowden will hold a press conference in Russia as soon as it will be possible.

The 31-year-old former US National Security Agency (NSA) contractor Edward Snowden has warned that during surveillance, among other things, NSA system administrators also intercepted and routinely passed the nude photos of people in "sexually compromising" situations among other NSA employees.

In a video interview, NSA whistleblower speaks with the Guardian editor-in-chief Alan Rusbridger and reporter Ewen MacAskill in Moscow, which was then published by the Guardian on Thursday.

WOOOH!! ATTRACTIVE NUDIE PICS - PASS IT ON TO BILL TOO

"You've got young enlisted guys, 18 to 22 years old. They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records," he said in the video interview.

"During the course of their daily work they stumble upon something that is completely unrelated to their work in any sort of necessary sense – for example, an intimate nude photo of someone of in a sexually compromising situation, but they're extremely attractive. So what they do? They turn around in their chair and show their co-worker."

“The co-worker says: ‘Hey that's great. Send that to Bill down the way.’ And then Bill sends it to George and George sends it to Tom. And sooner or later this person's whole life has been seen by all of these other people. It's never reported.”

“It's routine enough, depending on the company that you keep, it could be more or less frequent," Snowden says. "These are seen as the fringe benefits of surveillance positions."

NO COMEBACK OF THOSE PICS

The person’s whose private life has been exposed never know about it, because the internal auditing procedures at the NSA are incredibly weak that there is no comeback of those intercepted naked photos.

“The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream from the intended recipient and given to the government without any specific authorization without any specific need is itself a violation of your rights,” he added and questioned, “Why is that in a government database?”

DROPBOX - HOSTILE TO PRIVACY

Edward Snowden said cloud storage service Dropbox is "hostile to privacy," and called for more companies to offer services that prevent government snooping.

Snowden spread light on the cloud storage provider company, Spideroak, which offers greater protection to its users. The only fact behind it is that the company stores all the users data for backups, but in an encrypted form. So, its employees do not have access to the encrypted user data. Also if the government ask for user data, the company cannot hand over any meaningful or decrypted content.

Snowden calls Dropbox, a "PRISM wannabe." He asserted that the cloud storage Dropbox has recently appointed former US Secretary of State Condoleezza Rice to its board of directors, who Snowden said is “hostile to privacy” and described her as "the most anti-privacy official you can imagine."

Accountants, lawyers, and doctors should all level up their skills, Snowden said, and journalists in particular should be aware that a single slip up could compromise their sources.

I COULD LIVE IN U.S. PRISON -- SNOWDEN

Snowden addressed a number of things, noting that if he ended up in US prison facility at Guantánamo Bay, Cuba, he could “live with” that. He again dismissed any claim that he was or is a Russian spy or agent, describing those allegations “bullshit.”

"I'm not going to presume to know what a jury would think, or to say what they should or should not think. But I think it's fair to say that there are reasonable and enduring questions about the extent of these surveillance programs, how they should be applied and that should be the focus of any trial," he said.

UPDATE

The NSA’s spokesperson said such activity wouldn’t be tolerated, but didn’t explicitly deny the Snowden’s claim.

“NSA is a professional foreign-intelligence organization with a highly trained workforce, including brave and dedicated men and women from our armed forces,” said spokesperson Vanee Vines by email. “As we have said before, the agency has zero tolerance for willful violations of the agency’s authorities or professional standards, and would respond as appropriate to any credible allegations of misconduct.”

So far we have heard that using privacy tools by every individual and offering encrypted communication by every company is the only solution to Mass Surveillance conducted by the government and law enforcement authorities. But, Germany says the only solution to guard against surveillance is - Stop using Computers!!

Ohh Please!! Is it a joke?

No, it does not mean that they are going to completely throw out all of their computer systems, but rather they would use it preposterous.

A year ago, when it came to light that German Chancellor Angela Merkel’s own personal mobile phone had been spied by the U.S. National Security Agency (NSA) for years, Surveillance has become a big issue for Germany. Such a big that prominent politicians are seriously considering using manual typewriters for sensitive documents instead of computers.

The head of the Germany's NSA Inquiry Committee, Patrick Sensburg said in an interview with the Morgenmagazin TV show on Monday night, that the government is seriously considering a low-tech solution to the ongoing espionage problem and to keep American eyes off of sensitive documents.

Sensburg: As a matter of fact, we have - and not electronic models either.

Surprised interviewer: Really?

Sensburg: Yes, no joke.

Sensburg is heading up the Bundestag’s parliamentary inquiry into the NSA’s activities on German soil and is the one who know about the serious concerns caused by foreign states surveillance programs.

Germany's NSA Inquiry Committee was established in March to investigate allegations by NSA whistle blower and former contractor Edward Snowden that the United States government has been eavesdropping Germans and even bugged Chancellor Angela Merkel’s personal cell phone, an issue that has strained relationships and raised trust issues between old allies, Berlin and Washington.

The relations between the two became even more worse when earlier this month, Germany arrested a German intelligence officer who worked as a double agent and passed information to the CIA about the parliament’s NSA investigation. According to Sensburg, US snooping is ongoing.

After Edward Snowden released his first document about the U.S. government's surveillance activities, even Russia also thought to revert again to the old-school forms of communication, and bought 20 electric typewriters last year to keep inside communications more private, according to the Moscow Times.

“Any information can be taken from computers,” a Russian member of parliament said. "[F]rom the point of view of keeping secrets, the most primitive method is preferred: a human hand with a pen or a typewriter.”

IN-SHORT

But, Just think that How much is this Practically possible? Just to safeguard ourselves from spying, we should start using Typewriters instead of emails, What it means? Means we should go on-foot instead of using cars, just to protect ourselves from an accident. Agree? Well, I am not!

Every individual, even government authorities should be encouraged to make use of best privacy tools and encrypted communication only, this would protect them from the risk of spying.

If anybody says that NSA is watching you, nobody surprises. But, a large scale investigation published by Washington Post indicates that the scope of surveillance carried out by US National Security Agency was massive even than the expectation of you and me.

Just because you are an ordinary person doesn’t mean that you are safe, as 90 percent of messages intercepted by the NSA were not foreign targets but ordinary users, like you and me, from the United States and abroad.

Interestingly, your all those “startingly intimate” data and personal photographs had been left in plain view on NSA databases for someone else, according to a new report in The Washington Post published Sunday detailing a four-month review of about 160,000 intercepted e-mail and text message conversations involving 11,000 online accounts provided by former NSA contractor Edward Snowden.

The National Security Agency has gathered nearly half of the files which contains names, email addresses or other details belonged to United States citizens or residents, which the agency concealed, or “minimized,” to protect those citizens' privacy.

But despite the NSA concealed 65,000 references to Americans names, email addresses and other personal information, the Post found more than 900 additional email accounts were found unmasked “that could be strongly linked to US citizens or US residents.”

The paper also describes NSA’s efforts to gather some more valuable data from its intended security targets in its wide surveillance method.

"Among the most valuable contents — which the Post will not describe in detail, to avoid interfering with ongoing operations — are fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks," the Post reports.

Although there were many other files considered “useless” by analysts but never deleted, which exposed the secrets of 10,000 account holders who were never declared NSA targets and were unrelated to national security, detailing of "love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes," the Post says.

Just think, the photos of kids in bathtubs and kissing their mothers — and of women modeling lingerie or posing in skimpy bikini tops would be of National interest. Strange!

All the emails and Instant Messages (IMs) were collected with the help of the NSA's PRISM and Upstream programs, the Post said.

The papers also disclose that the NSA’s months of tracking communication efforts led directly to the capture a Pakistan-based bomb builder, and Umar Patek, a suspect in the terrorist bombing on the Indonesian island of Bali in 2002; Muhammad Tahir Shahzad, a bomb builder in Pakistan; and other examples the Post is withholding at the request of the CIA so as not to interfere with current intelligence operations.

United States intelligence officials neither confirm nor deny the integrity of the intercepted content provided by the former NSA contractor Edward Snowden to the Post.